Category: Online Security

Zappos, an online retailer run by Amazon, has suffered a security breach and has confirmed that its customer information was accessed.

In an email sent to its customers, Zappos CEO Tony Hsieh said:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Fortunately for its users, Tony has confirmed that the database containing the credit card information and shipping addresses was not breached. A similar breach occurred at CoveritLive a few days ago. As with the breach at Zappos, the hackers could access the usernames and/or passwords of CoveritLive users but, luckily, failed to get their hands on the financial data.

As a result of the breach, Zappos has temporarily blocked international users and has cancelled telephone support. It is urging users to contact it by email in case they have any questions.

Zappos is now enforcing a password reset for all of its users. It is also working with law enforcement agencies on the investigation of the hacking incident. So if you have an account on Zappos, it is recommended that you change the password as soon as possible. Also, if you use the same password for any other online accounts, it would be wise to change it there as well.

Huffington Post’s 1.5 million Twitter followers were baffled for a minute to see a bunch of racist and homophobic tweets being posted this afternoon, until they realized that the publication’s account was compromised.

Apparently, the hacking was done by a person who calls himself ‘cloverfdch’. The offensive tweets have been taken down and things are back to normal now. Officials at Huffington Post have not yet reacted to the hacking incident.

UPDATE: Huffington Post has now posted a tweet acknowledging the hacking.

Coincidentally, the Twitter and Foursquare accounts of the actor Ashton Kutcher were also hacked at around the same time. His accounts have also been restored now. In Ashton’s case, it appears that the hacker accidentally revealed his own location by using Ashton’s Foursquare account. Ashton has even posted a picture of the Foursquare map with the hacker’s location on Twitter.

It is not immediately clear whether their accounts were hacked by the same person.

This morning, I woke up to see the following email from CoveritLive.

CoveritLive recently discovered that certain proprietary data files were accessed without authorization starting on or about January 7, 2012. We have not yet determined if, or to what extent, CoveritLive account information (i.e., user names, email addresses and/or passwords) was accessed. We do know, however, that no financial account information has been compromised.

…

We take this matter very seriously and will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access. We also would like to take this moment to remind you of a couple of tips that should always be followed:

· Do not open emails from senders you do not know. Be especially cautious of “phishing” emails, where the sender tries to trick the recipient into disclosing confidential or personal information.

· Do not share personal or sensitive information via email. Legitimate companies will not attempt to collect personal information outside of a secure website.

We regret any inconvenience that this password change process may cause you. Please do not hesitate to contact us at [email protected] if you have any questions.

Sincerely,

CoveritLive Team

CoveritLive, as you might know, is a tool used primarily for live blogging. Many popular websites and blogs such as ESPN, USA Today and ZDNet use CoveritLive for live blogging.

According to the email sent to its customers, CoveritLive users’ passwords are encrypted and there is no evidence yet that they have been retrieved. The email also states that no financial data has been stolen, which is a major relief for its customers.

As of now, we don’t know exactly what kind of data was stolen. The company has started an investigation and hopefully more details will be released soon.

In the meantime, if you have a CoveritLive account, I strongly suggest that you change the password immediately. In fact, from today (January 14) onwards, CoveritLive will be enforcing a password reset for all of its users. So when you log in to CoveritLive next time, you’ll be asked to change the password.

If you have been using the same password for any other accounts, it is a good idea to change that as well.

Today, Symantec confirmed that the source code of two of its old enterprise products was obtained by hackers.

The hack is assumed to be the work of an Indian group who call themselves ‘Lords of Dharmaraja’. Interestingly, the security breach did not take place directly at Symantec’s servers. Instead, the source code was obtained (along with other confidential documents) by hacking into an Indian Military server.

The group posted some details regarding the source code on Pastebin (which was taken down after the news spread) and has warned that it will release the source code once it overcomes the blockade put forth by Indian and US agencies.

A hacker called ‘Yama Tough’ emailed the source file to the folks at InfoSec Island, who in turn forwarded it to Symantec for verification. Yama Tough has also posted some screenshots of a confidential document about Cellular Surveillance.

Symantec, after verifying the file, posted the following response on its Facebook wall.

Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.

Although the leaked source code is from older products, the repercussions for Symantec remain to be seen.

If you thought the site you were browsing was secure simply due to the little s at the end of HTTP, you may want to re-evaluate.

Security researchers at ACROS have posted details concerning a vulnerability in versions 14 and 15 of Google’s Chrome browser. The issue comes from an inconsistency in how Chrome follows and renders redirections to other web pages. This means that an attacker can redirect a visitor to a page that looks identical to a legitimate page, with a real-looking HTTPS URL, when in fact they are not on the expected page. This can lead to theft of credentials, credit cards and other personal information.

The crux of the issue comes down to Chrome being very quick to update the address bar, even before any of the page content has actually loaded. This allows the researchers to change the destination without the change being reflected in the address bar. Most users will “confirm” they are on the correct page simply by reading the address bar and matching it with what they are looking at, especially when the majority only visit a handful of specific websites.

While the newest releases of Chrome (16, beta and above) have had this issue resolved, Google’s browser holds a relatively large market share of approximately 20% worldwide. That’s more than 70 million. If over 75% of those users have the updated version, one can speculate that roughly 1.7 million users are susceptible to this attack. With Google’s auto-update mechanism, it’s highly unlikely that there are so many old installations.

At Techie-Buzz alone, more than 1 million of the 3.5+ million visitors use Chrome. Google Chrome has been growing at a very rapid rate, pushing Microsoft’s Internet Explorer and Mozilla’s Firefox lower and lower. Chances are, you’re using Chrome because it’s fast, so if you want to stay as safe as possible, keep Chrome updated and take a look at some of the popular security/privacy extensions.

According to a recent report from Internet security company Kaspersky Labs, India has become the top source of spam emails for the third quarter of 2011.

During this period, about 79.8% of all emails sent were spam, and 14.8% of that spam originated in India. The second and third positions are also held by developing nations: Indonesia with 10.6% and Brazil with 9.7%. All of the top ten sources are Asian, South American or Eastern European countries.

With limited or no laws at all to tackle the issue of spam, these countries have become the safe haven for criminals looking to exploit the internet community by spamming.

India’s huge internet user base (which is currently the third largest behind China and US) and lack of awareness among the general public about general security practices could have been the reason for India’s rise as the world’s spam capital.

Some of the other important details from the Kaspersky Spam Report are –

· In Q3 of 2011, the share of spam in mail traffic was down 2.7 percentage points compared to the previous quarter, averaging 79.8%.

Well, it seems like the much-maligned Stop Online Piracy Act has been steadily losing support as time goes by. The Internet, for all its loose frivolities and nonexistent persistent loyalties, has banded together to effectively stop a Big Brother-like monitoring legal tool from ever being born. As the Senate keeps debating the bill, many of the copyright-loving companies such as EA, Sony and Nintendo have been pressured by both their fans online and their employees to drop support for this bill.

SOPA, along with its sister law PROTECT-IP, has been at the receiving end of much criticism from the citizens of the United States. The bills, if enacted, will allow any content-owning person to order a takedown of a site that either hosts their content or even links to their content. Considering that much of the internet is based upon the linking to-and-fro of copyrighted content, this effectively curbs the freedom of the internet as we know it. Moreover, if the content owner so wishes, he or she may order the IP address of the infringing site to be blacklisted, rendering the site inaccessible. The kind of horror this can inflict upon aggregation sites such as Reddit is unfathomable.

We just have to hope that bigwigs like Nintendo, Sony and EA keep dropping their support and that this bill is never passed.

Continuing their role of being a silly bunch of hackers with vague goals, assaulting easy-to-hack sites and then twisting their victims to somehow fit into their agenda, the #Antisec team of [probably] Anonymous has struck again! Now as you can see, I have a poor opinion about these attacks. This is mostly due to their terrible handling of the previous attack on Stratfor and their misappropriating money from credit cards. Now I do not know what wrong Stratfor, or their latest target SpecialForces.com, did, but merely standing by and doing business is something these Anons cannot stand. As I have said before, we live in sad times.

The pretext that Antisec put up to attack SpecialForces.com, a security gear supply store (they stock items like knives, combat apparel and the like), is that it merely exists:

[W]e are announcing our next target: the online piggie supply store SpecialForces.com. Their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and professional-looking website.

According to the group, which is yet to be properly identified (they just mentioned Merry LulzXmas and #Antisec in their release and since they mentioned Stratfor, I am assuming they are Anonymous), this attack is indirectly related to the pepper spraying cop of UC Davis fame. How very… precise, Anons.

Anonymous, being the decentralized hacker group that it is, does newsworthy works of note as well as rather asinine things that despoil its name as well as the term hacktivist for the rest of the world. Its recent escapade falls under the second category, wherein Anonymous hackers hacked into security company Stratfor and mined it for credit card information. Apparently this was done to misappropriate the money and use it for donations to charitable institutions for Christmas.

The Austin, Texas-based security company is already in talks with law enforcement to contain the confidential documents’ leak. With clients ranging from Apple Inc. to the U.S. Air Force, the company had better work quickly to save both its reputation and corporate and military secrets. In addition, it seems that Stratfor has pulled a Sony by not encrypting the credit card information, leading to many unauthorized transactions alleged by the victims, especially for those who were in need of the money to get home for the Holidays and the like. Terrible move there, Anonymous.

It also seems like Anonymous forgot about the chargeback fees for unauthorized transactions that have to be borne by charitable institutions like the Red Cross.

Amnesty International’s UK website was hacked recently to incorporate an iframe that served a Trojan.

The iframe loads Java exploit code based on CVE-2011-3544, fetched from a Brazilian automobile site which itself was hacked. Security analyst Brian Krebs reports that the retrieved executable file is a Trojan classified as Trojan Spy-XR. This Trojan, which relies on a patched Java vulnerability, tracks and steals the affected user’s keystrokes.

According to Paul Royal of Barracuda Labs, the website was compromised on or before December 16th. So, if you have visited the website anytime between and have outdated Java software, there’s a good chance that your computer is infected. In that case, run a complete system scan using your updated anti-virus. It is also a good idea to change the passwords of your online accounts.

This exploit will not affect you if you had already installed the latest Java updates or if you don’t have Java installed.
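A site owner can catch this kind of injected iframe by scanning the pages the site serves for frames that load from unexpected hosts or are hidden from view. The following is an added example, not code from the original post or from any party named in it; the host names and sample markup are constructed, and the allowlist and hidden-frame heuristics are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hosts this site is expected to frame content from (assumed for the example).
ALLOWED_HOSTS = {"www.example.org", "player.example-video.test"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAuditor(HTMLParser):
    """Collects iframes that are off-allowlist or visually hidden."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Relative URLs resolve to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        reasons = []
        if host != self.page_host and host not in ALLOWED_HOSTS:
            reasons.append("off-allowlist host")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))

def audit_iframes(html, page_host):
    """Return a list of (src, reasons) for every suspicious iframe in html."""
    auditor = IframeAuditor(page_host.lower())
    auditor.feed(html)
    return auditor.findings

# Constructed sample: one allowed embed, one local frame, one injected hidden frame.
SAMPLE = """
<iframe src="https://player.example-video.test/embed/1" width="560" height="315"></iframe>
<iframe src="/local/widget.html"></iframe>
<iframe src="http://compromised-dealer.example/x/index.html" width="0" height="0" style="visibility:hidden"></iframe>
"""

if __name__ == "__main__":
    for src, reasons in audit_iframes(SAMPLE, "www.example.org"):
        print(src, "->", ", ".join(reasons))
```

Run against a crawl of the live site on a schedule, a check like this flags a newly added frame even when the third-party host serving the exploit is itself a legitimate but compromised site.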

This is not the first time that Amnesty’s website was compromised. Last year, their Hong Kong website was hacked to spread malware of similar kind. The UK website itself has been compromised previously to exploit a Flash Player zero-day vulnerability.

Speculating about motive for the attacks, Paul went on to say in his blog post that,

The working theory for this anomaly relates to Amnesty International as a human rights non-governmental organization. To explain, certain countries use zero day exploits and other techniques to gain electronic information about the activities of human rights activists. Of course, a subset of these activists are too smart to click on links in even well-worded spearphishing emails. But what if you compromised a website frequented by these activists (e.g., Amnesty International)? Then your targets come to you. The context-specific damage potential is significant.